21 matches found
Authentication flaw
A vulnerability of insufficient authentication has been identified in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access the system configuration interface, resulting in performing arbitrary system operation or...
CVE-2023-27387
Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger...
CVE-2023-25946
Authentication bypass vulnerability in Qrio Lock Q-SL2 firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions...
Authentication flaw
Authentication bypass vulnerability in Qrio Lock Q-SL2 firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions...
Deserialization of untrusted data
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service...
CVE-2023-24837 HGiga PowerStation - Command Injection
HGiga PowerStation remote management function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or disrupt service...
CVE-2023-24841
CVE-2023-24841 affects HGiga MailSherlock (MailSherlock query function for connection logs). The vulnerability stems from insufficient filtering of user input, enabling an authenticated remote attacker with administrator privileges to inject and execute arbitrary system commands, potentially perfo...
CVE-2022-28704
Improper access control vulnerability in Rakuten Casa version APFV141 or APFV200 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings, in which it is set to accept SSH connections from the WAN side, and is also connect...
Hardcoded credentials
Rakuten Casa version APFV141 or APFV200 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation...
Improper access control
Improper access control vulnerability in Rakuten Casa version APFV141 or APFV200 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings, in which it is set to accept SSH connections from the WAN side, and is also connect...
CVE-2022-28704
CVE-2022-28704 affects Rakuten Casa versions AP_F_V1_4_1 and AP_F_V2_0_0. The vulnerability is an improper access control that lets a remote attacker log in with root privileges and perform arbitrary operations when the product is in its default settings that accept SSH connections from the WAN a...
CVE-2021-20846
Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress Lite versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page...
CVE-2021-20845
Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress Lite versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page...
CVE-2021-20758
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors...